Malicious PDF — malware analysis report

Static analysis result for SHA-256 dde14d60396e46a1…

MALICIOUS

PDF

37.3 KB Created: 2020-08-30 11:33:17 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 546a068cd027d29ffe12cdd74dcb5a20 SHA-1: e72fd31947797b2a67380e96788c00e121a7468c SHA-256: dde14d60396e46a1399af750fe8c23b25edddf5fc2d91ba80e4a29119126bed6
120 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a mass external link farm, with a critical heuristic firing indicating a link to known malicious redirector infrastructure. The embedded URL 'https://ttraff.cc/wix?keyword=carti+online+gratis' is the primary indicator of malicious intent, likely serving as a lure for users seeking free content. The document body, though heavily obfuscated, contains fragments of this URL and references to 'Carti online gratis', reinforcing the phishing pretext.

Heuristics 3

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ttraff.cc/wix?keyword=carti+online+gratis
    • https://static.usrfiles.com/ugd/b8c837_910ca1f853d14bbd9914e32619b9fbc3.pdf
    • https://static.usrfiles.com/ugd/b8c837_565e142e74bb4bff947d7d6f5e03d185.pdf
    • https://static.usrfiles.com/ugd/b8c837_2e8a88e7e51e4582ac51e7d219dc9ab9.pdf
    • https://static.usrfiles.com/ugd/3aee12_d40e12e1cdc54a4f8c4e9f1cea99a8ff.pdf
    • https://static.usrfiles.com/ugd/49be48_d918d9ab88294a8da1d544166791db97.pdf
    • https://cdn.shopify.com/s/files/1/0429/9502/4033/files/kesotud.pdf
    • https://cdn.shopify.com/s/files/1/0432/6067/4198/files/effects_of_globalization_on_business.pdf
    • https://cdn.shopify.com/s/files/1/0431/7118/4794/files/5784181618.pdf
    • https://cdn.shopify.com/s/files/1/0431/7691/9194/files/torejatuvupoxur.pdf
    • https://cdn.shopify.com/s/files/1/0432/3144/5156/files/gowezog.pdf
    • https://cdn.shopify.com/s/files/1/0432/0755/7283/files/spinoza_ethics_penguin.pdf
    • https://cdn.shopify.com/s/files/1/0433/7877/0076/files/learn_python_the_hard_way_python_3.pdf
    • https://cdn.shopify.com/s/files/1/0432/7368/3100/files/7858218090.pdf
    • https://cdn.shopify.com/s/files/1/0428/7578/1276/files/64993501911.pdf
    • https://cdn.shopify.com/s/files/1/0431/4054/6714/files/10658112777.pdf
    • https://cdn.shopify.com/s/files/1/0427/5198/3772/files/seismic_data_acquisition_and_processing.pdf
    • https://cdn.shopify.com/s/files/1/0459/9382/0327/files/wenilotobelibaromufibuzib.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00005615.bin
95d71c69c37c36a3ae926ce67b921db294687606202d604731812a4931bbfae7		 pdf-font-stream PDF embedded font (sfnt) at offset 0x5615 4760 bytes
font_01_sfnt_off00006652.bin
a9576a4a7326822917902b9a2d790c02264977fe1f386dda498b1b17b0ea0e2e		 pdf-font-stream PDF embedded font (sfnt) at offset 0x6652 10064 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.